环境准备:
db01: 2-3G内存es kibana nginx filebeat
准备ES单机环境
====================================
cat >/etc/elasticsearch/elasticsearch.yml <<EOF
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 10.0.0.51,127.0.0.1
http.port: 9200
EOF
====================================
yum install ntpdate -y
ntpdate time1.aliyun.com
systemctl stop elasticsearch
systemctl stop kibana
rm -rf /var/lib/elasticsearch/*
rm -rf /var/lib/kibana/*
systemctl start elasticsearch
systemctl start kibana
netstat -lntup|grep 9200
netstat -lntup|grep 5601
filebeat收集简单Nginx日志
0.更新系统时间
ntpdate time1.aliyun.com
1.db01安装nginx
cat >/etc/yum.repos.d/nginx.repo<<EOF [nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/ gpgcheck=0 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/ gpgcheck=0 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key EOF
yum makecache fast yum install nginx -y systemctl start nginx
2.准备测试页面
rm -rf /etc/nginx/conf.d/default.conf mkdir /code/www -p echo "www" > /code/www/index.html chown -R nginx:nginx /code/ cat >/etc/nginx/conf.d/www.conf <<EOF server { listen 80; server_name www.mysun.com; location / { root /code/www; index index.html index.htm; } } EOF
nginx -t systemctl restart nginx curl 127.0.0.1
3.安装filebeat
rpm -ivh filebeat-6.6.0-x86_64.rpm rpm -qc filebeat
4.配置filebeat
cp /etc/filebeat/filebeat.yml /opt/ cat >/etc/filebeat/filebeat.yml<<EOF filebeat.inputs: - type: log enabled: true paths: - /var/log/nginx/access.log output.elasticsearch: hosts: ["10.0.0.51:9200"] EOF
5.启动并检查
systemctl start filebeat tail -f /var/log/filebeat/filebeat
5.查看日志结果
es-head查看
6.kibana添加
Management >> Index Patterns >> filebeat-6.6.0-2019.12.05 >> @timestamp >> create >> discover
